An increasing need for data exchange among different parties involved in a care cycle ranging from traditional healthcare via home healthcare to wellness services has made secure management of health data a major issue. Today's approaches, which are based on traditional security mechanisms complemented with the necessary physical and administrative procedures, limit the availability of health information and make the exchange of health records cumbersome. Digital policy management and enforcement technologies outperform these traditional approaches by offering the possibility to realize (1) end-to-end privacy and security in heterogeneous networks, protecting the data independently of the infrastructure over which data travels or institutional boundaries; (2) cryptographic enforcement of role-based or attribute-based access control mechanisms, which is very important in healthcare applications, allowing only users with appropriate attributes (e.g. roles) to decrypt or sign a message, based on a secret key associated with his/her attributes.
One of the important aspects of the workflow in healthcare is non-repudiation of origin, which means that the receiver of the data can verify the data origin. In daily life, digital signatures are used to implement the non-repudiation property. In traditional signature schemes, a private and public key pair is generated for each user, of which pair the secret key can be used to sign a message while the public key can be used to verify the signature on the message. However, in a healthcare organization, attributes are usually used to describe the role and identity of the user, and access to data is being granted based on the user attributes. So the user may create or modify and then sign that data if and only if he/she has the right set of attributes. For this purpose, attribute-based signatures are being used, as described for example in Dalia Khader, “Attribute Based Group Signatures”, International Association for Cryptologic Research (IACR), 2007, 241. Hence, in healthcare, attributes are considered to be a major source of proving the data origin. These attributes may also comprise individual attributes that are unique to an individual in a specific domain (e.g. name or identifier). For example, a pharmacy will accept a prescription order if it has been signed by a specific user with a certain role (e.g. doctor John Smith). In another use case related to medical research where anonymity is important, a patient can sign his health record using only his non-unique attributes (such as that he is a 30-40 year old male). Hence, an important component of the attribute-based encryption (ABE) system for protection of health data is the attribute-based signature (ABS) scheme.
In attribute-based signature (ABS), the data is signed using a secret key SKω associated with the attribute set ω possessed by the user. To be able to sign a message, a user gets from the trusted authority a specific private key that corresponds to the set of certified attributes he/she has. As already mentioned, a user may also have the flexibility to select a subset of the secret key related to the subset of attributes which he/she may want to use for a particular signing operation.